Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-4863 PoC — Google Chrome 缓冲区错误漏洞

Source
https://github.com/OITApps/Find-VulnerableElectronVersion
Associated Vulnerability
Title:Google Chrome 缓冲区错误漏洞 (CVE-2023-4863)
Description:Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Description
Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863/ CVE-2023-5129
Readme
# Find-VulnerableElectronVersion
Scans an executable and determines if it was wrapped in an Electron version vulnerable to the Chromium vulnerability CVE-2023-4863/ CVE-2023-5129 using the Sysinternals tool Strings. Only supported on Windows devices.

Requires Sysinternals to be installed: https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Example syntax: Find-VulnerableElectronVersion -AppPath C:\Users\<username>\AppData\Local\Programs\AppName -FileName AppName.exe -StringsPath C:\Users\<username>\Documents\Sysinternals

To easily find the .exe path, right-click on the app's desktop/ start menu shortcut > Open file location. Copy the path from File Explorer.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →